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network sessions. This allows each of the simultaneous 
network connections to gain the benefits of network address 
translation. 

93 Claims^ 5 Drawing Sheets 



150 

\ 




154 

/ 




PPP 


ISP 


PC 


/ 


(GATEWAY) 



156 



152 



FIRST 
NETWORK 



158 



160 



SECOND 
NETWORK 



162 



04/04/2004, EAST Version: 1.4.1 



us 6,490^89 Bl 

Page 2 



U S. PATENT DOCUMENTS 



5,594,732 A 1/1997 Bell et al 370/401 

5,617,417 A 4/1997 Sathe et al 370/394 

5,659,542 A 8/1997 Bell et al 370/496 

5,671,354 A 9/1997 Ito ct al 395/187.01 

5,673,265 A 9/1997 Gupta et al 370/432 

5,699,521 A 12/1997 lizuka et al 395/200.15 

5,737,526 A 4/1998 Periasamy et al 395/200.06 

5,740,171 A 4/1998 Mazzola et al 370/392 

5,740,176 A 4/1998 Gupta et al 370/440 

5,787,253 A 7/1998 McCrecry et al 395/200.61 

5,793,763 A 8/1998 U&yts et al 370/389 

5,799,017 A 8/1998 Gupta et al 370/419 

5,802,047 A 9/1998 Kinoshita 370/359 

5,802,316 A 9/1998 Ito ct al 395/200.79 

5,805,595 A 9/1998 Sharper et al 370/442 

5,815,665 A 9/1998 Teper et al 395/200.59 

5,835,727 A 11/1998 Wong et al 395/200.68 

5,838,683 A 11/1998 Corley et al 370/408 

5,854,901 A 12/1998 Cole et al 395/200.75 

5.867.495 A 2/1999 Elliott et al 370/352 

5,883,893 A 3/1999 Rumer et al 370/395 

5,933,625 A 8/1999 Sugiyama 395/557 

5,959,990 A 9/1999 Frantz et al 370/392 

5,991,810 A 11/1999 Shapiro et al 709/229 

5,991,828 A 11/1999 Horie et al 710/8 

6,009,103 A 12/1999 Woundy 370/401 

6.011.909 A * 1/2000 Newlin et al 395/200.57 

6.011.910 A 1/2000 Chau et al 395/200.59 

6,018,770 A 1/2000 Little et al 709/223 

6.021.496 A 2/2000 Dutcher et al 713/202 

6,026,086 A * 2/2000 Lancelot et al 370/353 

6,026,441 A 2/2000 Ronen 709/227 

6,028,848 A 2/2000 Bhatia et al 370/257 

6,029,203 A • 2/2000 Bhatia et al 709/244 

6,047,325 A ♦ 4/2000 Jain et al 709/227 

6,047,376 A 4/2000 Hosoe 713/201 



6,055,236 A ♦ 4/2000 Nessctt et al 370/389 

6,065,049 A * 5/2000 Bescr et al 709/218 

6,065,064 A 5/2000 Satoh et al 709/249 

6,091,951 A 7/2000 Sturaiolo ct al 455/432 

6,098,106 A 8/2000 PhUyaw ct al 709/238 

6,157,636 A * 12/2000 Voit et al 370/353 

6,160,808 A ♦ 12/2000 Maurya 370/389 

6,226,678 Bl 5/2001 Mattaway ct al 709/230 

6,269,099 Bl * 7/2001 Borella et al 370/389 

6,317,594 Bl 11/2001 Gossman et al 455/414 



OTHER PUBUCAnONS 

Ascend Commuaications, Inc., "Access Control Product 
Information", 4 pages. 

Ascend Communications, Inc., "Remote Access Network 
Security", printed from http://www.ascend.coni/1103.html, 
on JuL 24, 1998, pp. 1^. 

Droms, R., "Dynamic Host Configuration Protocol/' Net- 
work Working Group, RFC 1531, Oct. 1993. 
NAT and Networks, printed from http://www.csn.tu-chem- 
nitz.de/~mha/linux-ip-nat/diplom/node4.html, on Sep. 19, 
1998. 

"NAT-PC Webopaedia Definition and Links", 1998, Meck- 
lermedia Corporation, printed from http://webopedia.inter- 
net.eom/TERM/N/NAr.htmI, on Sep. 19, 1998, 1 page. 
"Network Address Translation Information", printed from 
http:/Avww.uq,edu . au/-gadmacka/content/natinforma- 
tion.htm, on Sep. 19, 1998. 

Perkins, D., "Requirements for an Internet Standard Point- 
to-Point Protocol", Dec. 1993, Network Working Group, 
RFC 1547, pp. 1-19. 

Simpson, W, "The Point-to-Point Protocol (PPP)", Dec. 
1993, Network Working Group, RFC 1548, pp. 1-53. 

* cited by examiner 



04/04/2004, EAST Version: 1.4,1 



U.S. Patent Dec. 3, 2002 sheet 1 of 5 US 6,490,289 Bl 



10 

s 




14 

/ 




18 

/ 


PC 


ppp 


ISP/AP 




INTRANET 


/ 


S 



12 16 



FIG. 1 



50 

S 




54 

\ 




58 




62 
/ 


PC 




iSP 




INTRANET 




INTERNET 


/ 


\ 


\ 



52 56 60 



FIG. 2 



92 




86b 



FIG. 3 



04/04/2004, EAST Version: 1.4.1 



U.S. Patent 



Dec. 3, 2002 



Sheet 2 of 5 



US 6,490,289 Bl 



(begin) 



ESTABLISH A FIRST NETWORK 
SESSION BETWEEN THE 
GATEWAY AND A FIRST NETWORK 



RECEIVE A FIRST 
NETWORK ADDRESS FOR 
THE USER, THE FIRST REAL 
NETWORK ADDRESS ASSIGNED 
BY THE FIRST NETWORK 







ESTABLISH A SECONDARY 
NETWORK CONNECTION 
BETWEEN THE GATEWAY 

AND A SECOND NETWORK 







RECEIVE A SECOND REAL 
NETWORK ADDRESS FOR 
THE USER, THE SECOND REAL 
NETWORK ADDRESS ASSIGNED 
BY THE SECOND NETWORK 



•100 



(^END^ 

FIG. 4 



102 



104 



106 



150 

\ 




154 

/ 


PC 


PPP 


ISP 


/ 


(GATEWAY) 



152 




FIRST 
NETWORK 



•158 



SECOND 
NETWORK 



162 



FIG. 5 



04/04/2004, EAST Version: 1.4.1 



U.S. Patent Dec. 3, 2002 sheet 3 of 5 



US 6,490,289 Bl 



170 



USER 


PPP 




PPP SESSION 






INITIATOR 



176- 



174 



NETWORK 
ADDRESS 
RECEIVER 



178- 



NETWORK 
ADDRESS 
ALLOCATOR 



180 



NAT 
TABLE 
STORER 



182 



NAT TABLE 



184 186 



•172 



TO NETWORKS 



FIG. 6 



(begin^ 







RECEIVE A PACKET 
FROM THE USER 






EXAMINE A PACKET TO 
DETERMINE ITS DESTINATION 






PERFORM NETWORK ADDRESS 
TRANSLATION ON THE PACKET 






FORWARD THE TRANSLATED 
PACKET TO THE 
APPROPRIATE NETWORK 







-200 



■ 202 



^204 



206 



FIG. 7 



04/04/2004, EAST Version: 1.4.1 



U.S. Patent Dec. 3, 2002 sheet 4 of 5 US 6,490,289 Bl 



VERSION 


IHL 


TYPE-OF-SERVICE 


TOTAL LENGTH 


IDENTIFICATION 


FLAGS 


FRAGMENT OFFSET 


TIME TO LIVE 


PROTOCOL 


HEADER CHECKSUM 


234 




SOURCE ADDRESS 






232 




DESTINATION ADDRESS 






OPTIONS (+PADDING) 


DATA 



230 



IP PACKET 



FIG. 8 



BEGIN 




RECEIVE A PACKET FROM 
THE FIRST NETWORK OR 
THE SECOND NETWORK 



PERFORM NETWORK ADDRESS 
TRANSLATION ON THE PACKET 



FORWARD THE TRANSLATED 
PACKET TO USER 



( ^END^ 

FIG. 9 



-250 



-252 



-254 



04/04/2004, EAST Version: 1.4.1 



U.S. Patent Dec. 3, 2002 sheet 5 of 5 US 6,490,289 Bl 



FROM USER 



300- 



PACKET 
RECEIVER 



-302 



308- 



PACKET EXAMINER 



ADDRESS 
EXTRACTOR 



310- 



ROUTING 

TABLE 
SEARCHER 



304- 



NETWORK 
ADDRESS 
TRANSLATOR 



-312 



NETWORK 
DETERMINER 



-306 



PACKET 
FORWARDER 



TO NETWORK(S) 



FIG. 10 



04/04/2004, EAST Version: 1.4,1 



us 6,490,289 Bl 

1 

MULTIPLE NETWORK CONNECTIONS 

FROM A SINGLE PPP LINK WITH 
NETWORK ADDRESS TRANSLATION 



2 

TABLE 1 


Name 


Direction 


Description 


Configuie-rcquest 


I-* 


R 


List of proposed options and values 


Conflguie-act 


l-^ 


R 


All options are accepted ' 


Configure-nak: 


I-i- 


R 


Some options are not accepted 


Configuic-rcjcct 


I*- 


R 


Some options arc not negotiable 


Terminate-request 


I — 


R 


Request to shut down the line 


Tferminate-ack 


I- 


R 


OK to shut down the line 


Code-reject 


I **" 


R 


Unknown request received 


Protocol-reject 




R 


Unknown protocol received 


Echo-request 




R 


Please scad this frame back 


Echo-reply 


I ^ 


R 


Here is the frame back 


Discard- request 




R 


Discard this frame (for testing) 



BACKGROUND OF THE INVENTION 

1, Field of the Invention 

The present invention relates to the field of computer 
networks. More particularly, the present invention relates to 
managing multiple network connections from a single PPP 
link while performing network address translation. 

2. The Background 

-rte Point-to-Point protocol (PPP) is a data Unk protocol 15 ^^^^ ^^^^ ^. ^^^^ ^ geographic 

that provides dial up access over analog or digital transmis- (^^^^ ^ ^ multi-national corporations), 

sion lines. PPP provides many advanced features, including ^ ^ ^,^^5^ ^ ^ ^^.^^ connection 

emr detection support of multiple protocols negoUation of ^„ j^j^^^^^ p^^^„^ j„ ^^^^^ ^ ^ 

IP addresses at connecuon time and authenUcatton.T^ 12 to an Internet service provider (ISP) or access point 

ar« three main features of PPP THe first is that it provides a 20 ^ ^^^^^^ ^ 

trammg method to delineate the end of one frame and the Intranet 18 

beginning of the next one in order to handle error detection. ^ ^^^^.j^ ^^^^^ ^^^^^^ ^^^^^^ ^^^^ 

The second is a hnk control protocol for bringing hn^ up, ^^^j^ ,^ ^j^^ ^^ f^j^^^j ^^^^ 

testing them negotiatmg options, and bnngmg them down j^^^^^^ ^ ^^^^ ^ ^.^^^ ^^^^^ 

again when they are no longer needed. This is known as the 25 # i^ u v u j t-u ^ * ^ 

I • 1 * 1 n * 1 /T t-u *u ,1 • * *• . ^ays that this could be accomplished. The first, and most 

umK uoniroi rrotocoi (^Lur;. ine mira is a way to negotiate . ^ ^^^^ 

user to first terminate the 

network layer opUons m a way mdependent of the network ppp ^^^^^^ b,,^,,^ pc lo and the ISP or 

layer protocol to be used. Thus, the method chosen may have ->/i ♦u^ u i • * j 

jfc * 1^.11^. 1 /xT^T»\ £ u access point 24. Then the user could log into a second 

a different Network Control Protocol (NCP) for each net- • » / » *u t * . ^ - j i. i r • 

work la er su o t d 30 intranet or to the Internet. The major drawbacks of this 

^ * solution are obvious. It does not allow for simultaneous 

PPP is commonly used as the data link protocol between connection to two intranets, or to one intranet and the 

auser and an Internet Service Provider (ISP) or access point. Internet, thus limiting the productivity of the user. 

This is usually accomplished through the following method. Additionally, it requires termination of the PPP link between 

The personal computer of the user is instructed to call the the PC and the ISP, thus using up valuable time on the user's 

ISP through a modem. After the ISP's modem receives the end, as he has to re-initiate a connection process, 

call and establishes a physical connection, the personal The second way an entity could offer access to a second 

computer sends a series of LCP packets in the payload field intranet or to the Internet is to have a preconfigured con- 

of one or more PPP frames. These packets, and their nection from the intranet to the second intranet or Internet, 

responses, comprise the negotiation of the session, and set ^ such that communications between the user and the second 

the PPP parameters lo be used during the session. intranet or Internet pass through the intranet. FIG. 2 is a 

Once the negoUation is complete, a series of NCPpackels ^}°''^ 9^^"^. "^"f'^i^'* * '° "''/"''"^lo^ 

are sent to configure the network layer. TVpically, the 'trough an m'"i>et 58^ a user at PC 50 maintains a PPP 

personal computer wants to run a TCP/IP protocol stack, so " to ISP 54, which is connected to the mtranet 

it needs anIP address. The NCP for IP may then be used to 45 f*; '"'''^ff if '? '"t" """"^^^ ^ '° 

assign an IP address to the user (dynamic assigmnent of IP ont'^ ,u "^V^^ 'u^' 

addresses is now common for dial-up users). At this point, ^r^- ^ .1 ' « f 

the personal computer has become an Internet host and may !° ff" """^^ ^'"^ ''f '^^°"8'» 

send and receive IP packets, just as a hardwired host could "I'^^^t 5« and poses a security nsk to the mfoimauon sent 

When the user has finished. NCP is used to tear down the so ^^^^ intranet 58. ..... 

network layer connection and free the IP address. The LCP , °^ ^ '^^^ I' 

is then used to shut down the data link layer eonnecUon. ^'^'P'^^ f " P°"*/° P°'°' P™'°'=°!' "^eanrng that it is 

FinaUy, the personal computer hangs up the modem, releas- *^"''8nf for use between two endpomts. Therefore it is 

ing the physical layer connection. ^"''^"''y ^o connect to two indepen- 

dent cndpoints simultaneously (such as an intranet and the 

There are currently eleven types of LCP packets. These Internet, or to two independent intranets) using a single PPP 

types are illustrated in Table 1 below, along with the link. 

direction in which they travel (from Initiator (I) to responder What is needed is a method by which a user may connect 

(R) or vice-versa) and their description. to two independent cndpoints simultaneously using a single 

In recent years, "intranets" have been rising in popularity, 60 ^"^* 

especially with large companies. An intranet is an internal cirxfivjr awv r^o TOr: TMx/cxmr^NT 

network that serves only a specific type of person (such as SUMMARY OF THE INVENTION 

employees of a corporation, or students at a school). The Multiple simultaneous network connections from a single 

intranet is usually not accessible to the general public. PPP connection may be accomplished by utilizing a gateway 

Intranets have become popular mainly because they allow 65 in the following manner. A first network connection is 

for much more productive communication between users established between the gateway and a first network. A first 

within the network, real network address for the user is then received, the first 
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real network address assigned by the first network. Then, the 
gateway may establish a network session between the gale- 
way and a second network and receive a second real network 
address for the user, the second real network address 
assigned by the second network. A virtual network address 
may be assigned to the user for network address translation 
purposes. Additional network connections may be added in 
a similar manner. Network address translation is then per- 
formed on packets traveling between the user and any of the 
network sessions. This allows each of the simultaneous 
Dctwork connections to gain the benefits of network address 
translatioQ. 

BRIEF DESCRIPTION OF THE DRAWINGS 

FIG. 1 is a block diagram depicting a typical connection 
to an intranet. 

FIG. 2 is a block diagram illustrating a connection to the 
Internet through an intranet. 

FIG. 3 is a diagram illustrating the use of a gateway to 
couple multiple networks in accordance with a presently 
prefened embodiment of the present invention. 

FIG. 4 is a flow diagram illustrating a method for estab- 
hshing multiple network connections for a user having a PPP 
connection to a gateway according to presently preferred 
embodiment of the present invention. 

FIG. 5 is a block diagram illustrating multiple network 
connections from a single PPP connection as they would 
appear after the steps depicted in FIG. 4 were executed in 
accordance with a presently preferred embodiment of the 
present invention. 

FIG. 6 is a block diagram illustrating a network gateway 
for use in a system having a user with a PPP connection to 
a gateway in accordance with a presently preferred embodi- 
ment of the present invention. 

FIG. 7 is a flow diagram illustrating a method for outgo- 
ing communications routing in a system in which a user is 
connected to a first network and a second network according 
to a presently preferred embodiment of the present inven- 
tion. 

FIG. 8 is a diagram illustrating a packet in accordance 
with the IP protocol. 

FIG. 9 is a flow diagram illustrating a method for incom- 
ing communications routing of in a system in which a user 
is connected to a first network and a second network 
according to a presently preferred embodiment of the 
present invention. 

FIG. 10 is a block diagram illustrating a network gateway 
according to another embodiment of the present invention. 

DETAILED DESCRIPTION OF A PREFERRED 
EMBODIMENT 

Those of ordinary skill in the art will realize that the 
following description of the present invention is illustrative 
only and not in any way limiting. Other embodiments of the 
invention will readily suggest themselves to such skilled 
persons. 

In accordance with a presently preferred embodiment of 
the present invention, the components, process steps, and/or 
data structures are implemented using a gateway device. 
Different implementations may be used and may include 
other types of operating systems, computing platforms, 
computer programs, and/or general purpose machines. In 
addition, those of ordinary skill in the art will readily 
recognize that devices of a less general purpose nature, such 
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as hardwired devices, devices relying on FPGA or ASIC 
technology, or the like, may also be used without departing 
from the scope and spirit of the inventive concepts disclosed 
herewith. 

A method for making multiple network connections with 
network address translation is provided. This method may be 
executed by a gateway. A gateway is a device which 
performs protocol conversion between different types of 
networks or applications. The term gateway is not meant to 
be limited to a single type of device, as any device, hardware 
or software, that may act as a bridge between the user and 
the networks may be considered a gateway for purposes of 
this application. FIG. 3 is a diagram iUustrating the use of a 
gateway to couple multiple networks. Computer 80 connects 
to gateway 82 through a modem 84, while computers S6a 
and H6b couple to a hub 88; then through modem 90 to 
gateway 82. Gateway 82 may then interface computers 80, 
86a, and 86i> to multiple networks. These may include a first 
corporate intranet 92, a second corporate intranet 94, and the 
Internet 96. 

In the present invention, network address translation 
(NAT) is utilized on aU the network connections. NAT is an 
Internet standard that enables a local-area network (LAN), 
intranet, or ISP to use one set of network addresses for 
internal trafiBc and a separate set of network addresses for 
external traf&c. Network addresses are generally Internet 
Protocol (IP) addresses, but there are many other possible 
network addresses as well. At the ISP level, there is normally 
a gateway, which is a device that acts as an interface between 
the ISP and the intranet or Internet. When network address 
translation is used, the Gateway will act to convert the 
destination addresses of incoming packets and source 
addresses of outgoing packets so. that traffic is directed to the 
correct address. 

Network address translation provides two main advan- 
tages. First, it adds security to the LAN or intranet, as it acts 
as a type of firewall, preventing users from outside the LAN 
or intranet from determining the internal network addressing 
scheme of the LAN or intranet. Second, it saves network 
addresses. With the ever growing popularity of the Internet 
and computer networks, a major issue is the availability of 
IP addresses. A standard IP address is 32 bytes in length, 
providing a total of 2^^ possible IP addresses. Those of 
ordinary skill in the art will readily recognize that not all of 
these possible IP addresses are available due to administra- 
tive expediencies, such as reserving blocks of IP addresses 
for future use. Network address translation saves IP 
addresses by allowing the ISP to use IP addresses internally 
that may be used by other networks on the Internet because 
there is no possibiUty of conflict, 

FIG, 4 is a flow diagram illustrating a method for estab- 
lishing multiple network connections for a user having a PPP 
connection to a gateway according to presently preferred 
embodiment of the invention. This method rnay be executed 
by a gateway. At step 100, a first network session is 
estabhshed between the user and the first network. The 
connection does not have to be PPP, but may be any other 
communications standard. At step 102, a first real network 
address is received for the user. This first real network 
address is assigned by the first network. 

At some point during the session, the user may request 
connection to a second network. Therefore, at step 104, the 
gateway may establish a second network session between 
the gateway and a second network. At step 106, a second real 
network address for the user is received, the second real 
network address assigned by the second network. 
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Network address translation will be utilized on each of the 
sessions. Therefore, this may or may not require an action to 
be taken by the gateway when the connection is established. 
Some forms of network address translation require that a 
NAT table be maintained. Id such instances, the gateway 
may assign the user a virtual network address according to 
a network address translation allocation scheme and store 
the virtual network address in a NAT table in an entry 
corresponding to the real network address received from the 
network being connected. Some forms of network address 
translation involve simply applying the network address 
translation scheme to each packet as it is received. In such 
instances, no steps need to be taken by the gateway until a 
packet is received. 

FIG. 5 is a block diagram illustrating multiple network 
connections from a single PPP connection as they would 
appear after the steps depicted in FIG. 4 were executed. PC 
150 maintains the PPP connection to the ISP 154, which may 
contain the gateway. First network session 156 links the 
gateway to the first network 158, while second network 
connection 160 connects the gateway to the second network. 

The gateway may configure more than two network 
sessions should the user so desire. These additional network 
sessions are created in a similar fashion to the other network 
sessions. 

Additionally, "tunneling" may be utifized in the case 
where not all the links follow the same protocol, but the two 
endpoints follow the same protocol. Tuimeling allows two 
hosts on the same type of network to communicate even 
though there may be different types of network in between. 
Tunneling is accomplished by encapsulating packets sent 
from a first type of network within packets of a type 
compatible with a second type of network for the duration of 
the packet's journey through the second type of network. 
Then, the outer packet is stripped off (and possibly some 
demultiplexing takes place) when the packet reaches the first 
type of network again. Layer Two l^inneling Protocol 
(l^TP) is a specific tunneling protocol that acts as an 
extension to the PPP protocol to allow ISPs to operate virtual 
private networks. L2TP or any other tunneling protocol may 
be used when establishing the network sessions. 

FIG. 6 is a block diagram illustrating a network gateway 
for use in a system having a user with a PPP connection to 
the gateway. User 170 has a PPP connection to gateway 172. 
The gateway 172 then contains many parts that interface the 
user 170 to multiple networks. A PPP session initiator 174 
establishes a first PPP session between the gateway and a 
first network. A network address receiver 176 receives a first 
real network address for the user, the first real network 
address assigned by the first network. The PPP session 
initiator 174 further establishes a second PPP session 
between the gateway and a second network. The network 
address receiver further receives a second real network 
address for the use, the second real network address assigned 
by the second network. 

A network address allocator 178 assigns the user a virtual 
network address. A NAT table storer 180 stores the virtual 
network address is a NAT table 182 in an entry 184 
corresponding to the first real network address, and stores 
said virtual network address in the NAT table 180 in an entry 
184 corresponding to the second real network address. 

FIG. 7 is a flow diagram illustrating a method for outgo- 
ing communications routing in a system in which a user is 
connected to a first network and a second network according 
to a presently preferred embodiment of the invention. 

At step 200, a packet is received from the user At step 
202, the packet is examined to determine if its destination is 
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the first network or the second network, FIG. 8 is a diagram 
illustrating a packet in accordance with the IP protocol. 
Normally, there will be a destination network address field 
232 within the packet 230. The destination network address 

5 may then be extracted from this field. Then the address may 
be compared with a routing table. This routing table may be 
maintained by the gateway or a router. The routing table 
contains a list of addresses and the corresponding networks 
to which packets sent to that address should be routed. This 

10 allows the gateway to forward the packets to the correct 
network. In many cases, routing the packets to either net- 
work will allow the packet to arrive at its destination. In 
these cases, the routing table may indicate the network that 
will provide for the shortest travel time for the packet, in 

15 order to save the user some lime. In yet other cases, it will 
not be clear to which network to send the packet (indicated 
by the fact that there is no entry for the address in the routing 
table). In these eases, a defatdt network will be estabfished 
to which to send packets. 

20 Referring back to FIG. 7, at step 2204, network address 
translation is performed (perhaps by applying a network 
address translation mapping scheme to the packet or perhaps 
by looking up the destination real address in a NAT table) to 
arrive at a real destination address. At step 206, the packet 

25 is then forwarded to the appropriate network. A similar 
scheme may be utUized when there are more than two 
simultaneous network connections, with NAT beiag per- 
formed on each network connection. 

Likewise, when a packet is received from a network, then 
network address translation is performed, FIG. 9 is a flow 
diagram illustrating a method for incoming communications 
routing of in a system in which a user is connected to a first 
network and a second network. At step 250, a packet is 
received from the first network or the second network. At 
step 252, network address translation is performed on the 
packet. Then the packet is forwarded to the user at step 254. 

FIG. 10 is a block diagram illustrating a network gateway 
according to another embodiment of the present invention. 

^ The components of this gateway may be combined with the 
gateway depicted in FIG. 5 for use as one complete gateway, 
A packet receiver 300 receives a packet sent by the user. A 
packet examiner 302 examines the packet to determine if its 
destination is the first network or the second network. A 
network address translator 304 performs network address 
translation on the packet. A packet forwarder 306 forwards 
the translated packet to the first network or the second 
network, depending upon the packet's destination. 
The packet examiner 302 may contain a network address 

5Q extractor 308, which extracts a destination network address 
from the packet, a routing table searcher 310, which looks up 
the destination network address in a routing table, and a 
network determiner 312, which determines that the destina- 
tion is the first network or the second network based upon 

55 the listing for the destination network address in the routing 
table. The network determiner 312 may further determine 
that the destination is the first network or second network 
based upon a default setting if the destination network 
address is not listed in the routing table. 

60 The packet receiver 300 may further receive a second 
packet, the second packet sent from said first network or said 
second network. The network address translator 304 may 
further perform network address translation on said second 
packet. The packet forwarder 306 may further forward said 

65 second packet to the user. 

This invention allows for the simultaneous connection to 
two or more network s from only one single PPP connection. 
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It also allows for networks to be added at the time the user 
requests connection, such that the networks do not need to 
be preconfigured. All of the benefits of network address 
translation may be realiied on each of the simultaneous . 
network connections. Additionally, an increase in security is 5 
provided in that traflSc to networks travel directly to the 
gateway rather than through one of the other simultaneously 
connected networks. 

While embodiments and applications of this invention 
have been shown and described, it would be apparent to 
those skilled in the art that many more modifications than 
mentioned above are possible without departing from the 
inventive concepts herein. The invention, therefore, is not to 
be restricted except in the spirit of the appended claims. 

What is claimed is: 15 

1. A method for establi^ing multiple network connec- 
tions for a user having a PPP connection to a gateway, 
including the steps of: 

establishing a first network session between the gateway 
and said first network; 

receiving a first real network address for the user, said first 
real network address assigned by said first network; 

establishing a second network session between the gate- 
way and a second network while said first network 25 
session is established; and 

receiving a second real network address for the user, said 
second real network address assigned by said second 
network. 

2. The method of claim 1, further including the steps of: 30 
assigning the user a virtual network address; and 

storing said virtual network address in a network address 

translation table in an entry corresponding to said first 

real network address; and 
storing said virtual network address in a network address 

translation table in an entry corresponding to said 

second real network address. 

3. The method of claim 2, wherein said assigning step 
includes the step of assigning the user a virtual network ^ 
address utilizing a network address translation allocation 
scheme. 

4. The method of claim 1, wherein said first network 
session and said second network session are tunneling 
sessions. 

5. The method of claim 3, wherein said first network 
session and said second network session are L2TP sessions. 

6. A method for establishing multiple network connec- 
tions for a user having a PPP connection to a gateway, 
including the steps of: 

receiving a first PPP connection request from the user; 
negotiating LCP options between the user and a first 
network; 

establishing a first PPP session between the gateway and 
said first network; ss 

receiving a first real network address for the user, said first 
real network address assigned by said first network; 

receiving a second PPP connection request firom the user; 

negotiating LCP options between the user and a second gp 
network; 

establishing a second PPP session between the gateway 

and said second network while said tirst PPP session is 

established; and 
receiving a second real network address for the user, said 65 

second real network address assigned by said second 

network. 
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7. The method of claim 6, further including the steps of: 
assigning the Tiser a virtual network address; 

storing said virtual network address in a network address 

translation table in an entry corresponding to said first 

real network address; and 
storing said virtual network address in a network address 

translation table in an entry corresponding to said first 

real network address. 

8. The method of claim 7, wherein said assigning step 
includes the step of assigning the user a virtual network 
address utihzing a network address translation allocation 
scheme. 

9. The method of claim 7, wherein said first network 
session and said second network session are tunneling 
sessions. 

10. The method of claim 7, wherein said first network 
session and said second network session are L2TP sessions. 

11. A method for network communications in a system 
having a user with a PPP connection to a gateway, including 
the steps of: 

establishing a first network session between the gateway 
and said first network; 

receiving a first real network address for the user, said first 
real network address assigned by said first network; 

establishing a second network session between the gate- 
way and a second network while said first network 
session is established; 

receiving a second real network address for the user, said 
second real network address assigned by said second 
network; 

receiving a packet sent by the user; 

examining said packet to determine if its destination is 

said first network or said second network; 
forwarding said packet to the first network if said packet 

indicates that its destination is said first network; 
performing network address translation on said packet; 

and 

forwarding said translated packet to said second network 
if said packet indicates that its destination is said 
second network. 

12. The method of claim 11, fiirther including the steps of: 
assigning the user a virtual network address; 

storing said virtual network address in a network address 

translation table in an entry corresponding to said first 

real network address; and 
storing said virtual network address in a network address 

translation table in an entry corresponding to said first 

real network address. 

13. The method of claim 12, wherein said assigning step 
includes the step of assigning the user a virtual network 
address utilizing a network address translation allocation 
scheme. 

14. The method of claim 13, wherein said first network 
session and said second network session are L2TP sessions. 

15. The method of claim 11, wherein said first network 
session and said second network session are tunneling 
sessions. 

16. The method of claim 11, wherein said examining step 
further includes the steps of: 

extracting a destination network address from the packet; 
looking up said destination network address in a routing 
table; 

determining that said destination is the first or second 
network based upon the Listing for the destination 
network address in the routing table; and 
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determiDing that said destination is the first or second 
network based on a default setting if said destination 
network address is not listed in said routing table. 

17. The method of claim 11, wherein said performing 
network address translation step includes the step of apply- 
ing a network address translation mapping scheme to said 
destination network address. 

18. The method of claim 11, wherein said performing 
network address translation step includes the step of looking 
up said destination network address in a network address 
translation table. 

19. The method of claim 11, further including the steps of: 
receiving a second packet, said second packet sent from 

said first network or said second network; 
performing network address translation on said second 

packet; and 
forwarding said second packet to. the user. 

20. A method for network communications in a system 
having a user with a PPP connection to a gateway, including 
the steps of: 

receiving a first PPP connection request from the user; 
negotiating LCP options between the user and a first 
network; 

establishing a first PPP session between the gateway and 25 

said first network; 
receiving a first real network address for the user, said first 

real network address assigned by said first network; 
receiving a second PPP connection request from the user; 
negotiating LCP options between the user and a second 

network; 

establishing a second PPP session between the gateway 
and said second network while said first PPP session is 
established; 

receiving a second real network address for the user, said 
second real network address assigned by said second 
network; 

receiving a packet sent by the user, 

examining said packet to determine if its destination is 40 

said first network or said second network; 
forwarding said packet to the first network if said packet 

indicates that its destination is said first network; 
performing network address translation on said packet if 

said packet indicates that its destination is said second 

network; and 

fonvarding said translated packet to said second network 
if said packet indicates that its destination is said 
second network. 

21. The method of claim 20, further including the steps of: 
assigning the user a virtual network address; 
storing said virtual network address in a network address 

translation table in an entry corresponding to said first 
real network address; and 
storing said virtual network address in a network address 
translation table in an entry corresponding to said first 
real network address. 

22. The method of claim 21, wherein said assigning step 
includes the step of assigning the user a virtual network 
address utilizing a network address translation allocation 
scheme. 

23. The method of claim 20, wherein said first network 
session and said second network session are tunneling 
sessions. 

24. The method of claim 23, wherein said first network 
session and said second network session are L2TP session. 
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25. The method of claim 20, wherein said examining step 
further includes the steps of: 

extracting a destination network address from the packet; 
looking up said destination network address in a routing 
table; 

determining that said destination is the first or second 
network based upon the listing for the destination 
network address in the routing table; and 

determining that said destination is the first or second 
network based on a default setting if said destination 
network address is not listed in said routing table. 

26. The method of claim 20, wherein said performing 
network address translation step includes the step of apply- 
ing a network address translation mapping scheme to said 
source network address, 

27. The method of claim 20, wherein said performing 
network address translation step includes the step of looking 
up said destination network address in a source address 
translation table. 

28. The method of claim 20, further including the steps of: 
receiving a second packet, said second packet sent from 

said first network or said second network; 
performing network address translation on said second 

packet; and 
forwarding said second packet to the user. 

29. A network gateway for use in a system having a user 
with a PPP connection to the gateway, including: 

a session initiator adapted to establish a first network 
session between the gateway and a first network; 

a network address receiver adapted to receive a first real 
network address for the user, said first real network 
address assigned by said first network; 

said session initiator further estabhsh a second network 
session between die gateway and a second network 
while said first network session is established; and 

said network address receiver is further adapted to receive 
a second real network address for the user, said second 
real network address assigned by said second network. 

30. The network gateway of claim 29, further including: 
a network address allocator adapted to assign the user a 

virtual network address; 
a NAT table storer adapted to store said virtual network 
address in a network address translation table in an 
entry corresponding to said first real network address; 
and 

said NAT table storer further adapted to store said virtual 
network address in a network address translation table 
in an entry corresponding to said first real network 
address. 

31. The network gateway of claim 30, wherein said 
network address allocator is further adapted to assign the 
user a virtual network address utihzing a network address 
translation allocation scheme. 

32. The network gateway of claim 29, wherein said first 
network session and said second network session are tun- 
neling sessions. 

33. The network gateway of claim 32, wherein said first 
network session and said second network session are L2TP 
sessions. 

34. A network gateway for use in a system having a user 
with a PPP connection to the gateway, including: 

a PPP session initiator adapted to establish a first PPP 
session between the gateway and a first network; 

a networit address receiver adapted to receive a first real 
network address for the user, said first real network 
address assigned by said first network; 
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said session initiator further adapted to establish a second 
PPP session between the gateway and a second network 
while said first PPP session is established; and 

said network address receiver fiirther adapted to receive a 
second real network address for the user, said second 5 
real network address assigned by said second network. 

35. The network gateway of claim 34, further including: 
a network address allocator adapted to assign the user a 

virtual network address; 
a NAT table storer adapted to store said virtual network 
address in a network address translation table in an 
entry corresponding to said first real network address; 
and 

said NAT table storer is further adapted to store said 
virtual network address in a network address translation 
table in an entry corresponding to said first real network 
address. 

36. Hie network gateway of claim 35, wherein said 
network address allocator is further adapted to assign the ^ 
user a virtual network address utilizing a network address 
translation allocation scheme. 

37. The network gateway of claim 34, wherein said first 
network session and said second network session are tun- 
neling sessions. ^ 

38. The network gateway of claim 34, wherein said first 
network session and said second network session are L2TP 
sessions. 

39. A network gateway for use in a system having a user 
with a PPP connection to the gateway, including: 

a session initiator adapted to establish a first network 
session between the gateway and a first network; 

a network address receiver adapted to receive a first real 
network address for the user, said first real network 
address assigned by said first network; 35 

said session initiator further establish a second network 
session between the gateway and a second network 
while said first network session is established; 

said network address receiver further adapted to receive a 
second real network address for the user, said second ^ 
real network address assigned by said second network; 

a packet receiver adapted to receive a packet sent by said 
user; 

a packet examiner adapted to examine said packet to 
determine if its destination is a first network or a second 
network; 

a network address translator adapted to perform network 

address translation on said packet; and 
a packet forwarder adapted to forward said translated 5Q 

packet to the first network or the second network, 

depending upon said packet's destination. 

40. The network gateway of claim 39, further including: 
a network address allocator adapted to assign the user a 

virtual network address; 55 
a NAT table storer adapted to store said virtual network 
address in a network address translation table in an 
entry corresponding to said first real network address; 
and 

said NAT table storer is further adapted to store said 60 
virtual network address in a network address translation 
table in an entry corresponding to said first real network 
address. 

41. The network gateway of claim 40, wherein said 
network address allocator is further adapted to assign the 65 
user a virtual network address utilizing a network address 
translation allocation scheme. 
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42. The network gateway of claim 40, wherein said 
network address translator is further adapted to look up said 
source network address in a network address translation 
table. 

43. The network gateway of claim 39, wherein said first 
network session and said second network session are tun- 
neling sessions. 

44. The network gateway of claim 43, wherein said first 
network session and said second network session are L2TP 
sessions. 

45. The network gateway of claim 39, wherein said packet 
examiner further includes: 

an network address extractor adapted to extract a desti- 
nation network address from said packet; 

a routing table searcher adapted to look up said destina- 
tion network address in a routing table; 

a network determiner adapted to determine that said 
destination is said first network or said second network 
based upon the listing for the destination network 
address in the routing table; and 

said network determiner further determine that said des- 
tination is the said first network or second networic 
based on a default setting if said destination network 
address is not listed in said routing table. 

46. The network gateway of claim 39, wherein said 
network address translator is further adapted to apply a 
network address translation mapping scheme to said source 
network address. 

47. The network gateway of claim 39, wherein said packet 
receiver is further adapted to receive a second packet, said 
second packet sent from said first network or said second 
network, said network address translator is further adapted 
to perform network address translation on said second 
packet, and said packet forwarder is further adapted to 
forward said second packet to the user. 

48. A network gateway for use in a system having a user 
with a PPP connection to the gateway, including: 

a PPP session initiator adapted to establish a first PPP 
session between the gateway and a first network; 

a network address receiver adapted to receive a first real 
network address for the user, said first real network 
address assigned by said first network; 

said session initiator further adapted to establish a second 
PPP session between the gateway and a second network 
while said first network session is established; 

said network address receiver further adapted to receive a 
second real network address for the user, said second 
real network address assigned by said second network; 

a packet receiver adapted to receive a packet sent by said 
user; 

a packet examiner adapted to examine said packet to 
determine if its destination is a first network or a second 
network; 

a network address translator adapted to perform network 

address translation on said packet; and 
a packet forwarder adapted to forward said translated 

packet network or the second packet's destinatioa 

49. The network gateway of claim 48, further including: 
a network address allocator adapted to assign the user a 

virtual network address; 
a NAT table storer adapted to store said virtual network 
address in a network address translation table in an 
entry corresponding to said first real network address; 
and 

said NAT table storer further adapted to store said virtual 
network address in a network address translation table 
in an entry corresponding to said first real network 
address. 
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50. The network gateway of claim 49, wherein said 
network address allocator is further adapted to assign the 
user a virtual network address utilizing a network address 
translation allocation scheme. 

51. The network gateway of claim 49, wherein said 5 
network address translator is further adapted to look up said 
source network address in a network address translation 
table. 

52. The network gateway of claim 48, wherein said first 
network session and said second network session are tun- lO 
Qcling sessions. 

53. The network gateway of claims 52, wherein said first 
network session and said second network session are L2TP 
sessions. 

54. The network gateway of claim 48, wherein said packet 15 
examiner further includes: 

an network address extractor adapted to extract a desti- 
nation network address from said packet; 

a routing table searcher adapted to look up said destina- 
tion network address in a nauting table; ^ 

a network determiner adapted to determine that said 
destination is said first network or said second network 
based upon the listing for the destination network 
address in the routing table; and ^ 

said network determiner further adapted to determine that 
said destination is the said first network or second 
network based on a default setting if said destination 
network address is not listed in said routing table. 

55. The network gateway of claim 48, wherein said 30 
network address translator is further adapted to apply a 
network address translation mapping scheme to said source 
network address. 

56. The network gateway of claim 48, wherein said packet 
receiver is further adapted to receive a second packet, said 35 
second packet sent from said first network or said second 
network, said network address translator is further adapted 

to perform network address translation on said second 
packet, and said packet forwarder is further adapted to 
forward said second packet to the user, 40 

57. A program storage device readable by a machine, 
tangibly embodying a program of instructions executable by 
the machine to perform method steps for estabUshing mul- 
tiple network connections for a user having a PPP connec- 
tion to a gateway, said method steps including the steps of: 45 

establishing a first network session between the gateway 

and said first network; 
receiving a first real network address for the user, said first 

real network address assigned by said first network; 
establishing a second network session between the gate- 

way and a second network while said first network 

session is established; and 
receiving a second real network address for the user, said 

second real network address assigned by said second 

network. 

58. The program storage device of claim 57, wherein the 
method further includes the steps of: 

assigning the user a virtual network address; and 

storing said virtual network address in a network address 50 

translation table in an entry corresponding to said first 

real network address; and 
storing said virtual network address in a network address 

translation table in an entry corresponding to said 

second real network address. 65 

59. The program storage device of claim 58, wherein said 
assigning step includes the step of assigning the user a 
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virtual network address utilizing a network address transla- 
tion allocation scheme. 

60. The program storage device of claim 57, wherein said 
first network session and said second network session are 
tunneling sessions. 

61. The program storage device of claim 60, wherein said 
first network session and said second network session arc 
L2TP sessions. 

62. A program storage device readable by a machine, 
tangibly embodying a program of instmctions executable by 
the machine to perform method steps for establishing mul- 
tiple network cormections for a user having a PPP connec- 
tion to a gateway, said method steps including the steps of: 

receiving a first PPP connection request from the user, 
negotiating LCP options between the user and a first 
network; 

establishing a first PPP session between the gateway and 

said first network; 
receiving a first real network address for the user, said first 

real network address assigned by said first network; 
receiving a PPP connection request from the user; 
negotiating LCP options between the user and a second 

network; 

establishing a second PPP session between the gateway 

and a second network while said first PPP session is 

established; and 
receiving a second real network address for the user, said 

second real network address assigned by said second 

network. 

63. The program storage device of claim 62, wherein the 
method further includes the steps of: 

assigning the user a virtual network address; and 
storing said virtual network address in a network address 

translation table in an entry corresponding to said first 

real network address; and 
storing said virtual network address in a network address 

translation table in an entry corresponding to said 

second real network address, 

64. The program storage device of claim 63, wherein said 
assigning step includes the step of assigning the user a 
virtual network address utilizing a network address transla- 
tion allocation scheme. 

65. The program storage device of claims 62, wherein said 
first network session and said second network session are 
tunneling sessions, 

66. The program storage device of claim 65, wherein said 
first network, session and said second network session are 
L2TP sessions. 

67. A program storage device readable by a machine, 
tangibly embodying a program of instructions executable by 
the machine to perform method steps for establishing miil- 
tiple network connections for a user having a PPP connec- 
tion to a gateway, said method steps including the steps of: 

establishing a first network session between the gateway 
and said first network; 

receiving a first real network address for the user, said first 
real network address assigned by said first network; 

establishing a second network session between the gate- 
way and a second network while said first network 
session is established; 

receiving a second real network address for the user, said 
second real network address assigned by said second 
network; 

receiving a packet sent from the user; 
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examining said packet io determine if its destination is the 

first network or the second network; 
performing network address translation on said packet; 

and 

forwarding said translated packet to the first network or ^ 
the second network, depending upon said packet's 
destination, 

68. The program storage device of daim 67, wherein the 
method further includes the steps of: 

assigning the user a virtual network address; and 
storing said virtual network address in a network address 

translation table in an entry corresponding to said first 

real network address; and 
storing said virtual network address in a network address 15 

translation table in an entry corresponding to said 

second real network address. 

69. The program storage device of claim 68, wherein said 
assigning step includes the step of assigning the user a 
virtual network address utilizing a network address transla- 20 
tion allocation scheme. 

70. The program storage device of claim 68, wherein said 
performing network address translation step includes the 
step of looking up said source network address in a network 
address translation table. 25 

71. The program storage device of claim 67, wherein said 
first network session and said second network session are 
tunneling sessions. 

72. The program storage device of claim 71, wherein said 
first network session and said second network session are 30 
L2TP sessions. 

73. The program storage device of claim 67, wherein said 
examining step further includes the steps of: 

extracting a destination network address from the packet; 
looking up said destination network address in a routing 
table; 

determining that said destination is the first or second 
network based upon the listing for the destination 
network address in the routing table; and ^ 

determining that said destination is the first or second 
network based on a default setting if said destination 
network address is not listed in said routing table. 

74. The program storage device of claim 67, wherein said 
performing network address translation step includes the 45 
step of applying a network address translation mapping 
scheme to said source network address. 

75. The program storage device of claim 67, wherein the 
method further includes the steps of: 

receiving a second packet, said second packet sent from 50 

said first network or said second network; 
performing network address translation on said second 

packet; and 
forwarding said second packet to the \iser. 

76. A program storage device readable by a machine, 
tangibly embodying a program of instructions executable by 
the machine to perform method steps for establishing mul- 
tiple network connections for a user having a PPP connec- 
tion to a gateway, said method steps including the steps of: 

receiving a first PPP connection request from the user; 
negotiating LCP options between the user and a first 
network; 

establishing a first PPP session between the gateway and 
said first network; g5 

receiving a first real network address for the xiser, said first 
real network address assigned by said first network; 
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receiving a second PPP connection request from the user; 
negotiating LCP options between the user and said second 
networlg 

establishing a second PPP session between the gateway 
and a second network while said first PPP session is 
established; 

receiving a second real network address for the user, said 
second real network address assigned by said second 
network; 

receiving a packet sent from the user; 

examining said packet to determine if its destination is the 

first network or the second network; 
performing network address translation on said packet; 

and 

forwarding said translated packet to the first network or 
the second network, depending upon said packet's 
destination. 

77. The program storage device of claim 76, wherein the 
method further includes the steps of: 

assigning the user a virtual network address; and 
storing said virtual network address in a network address 

translation table in an entry corresponding to said first 

real network address; and 
storing said virtual network address in a network address 

translation table in an entry corresponding to said 

second real network address. 

78. The method of claim 77, wherein said assigning step 
includes the step of assigning the user a virtual network 
address utilizing a network address translation allocation 
scheme. 

79. The program storage device of claim 77, wherein said 
performing network addiress translation step includes the 
step of looking up said source network address in a network 
address translation table. 

80. The program storage device of claim 76, wherein said 
first network session and said second network session are 
tunneling sessions. 

81. The program storage device of claim 80, wherein said 
first network session and said second network session are 
L2TP sessions. 

82. The program storage device of claim 76, wherein said 
examining step further includes the steps of: 

extracting a destination network address firom the packet; 
looking up said destination network address in a routing 
table; 

determining that said destination is the first or second 
network based upon the listing for the destination 
network address in the routing table; and 

determining that said destination is the first or second 
network based on a default setting if said destination 
network address is not listed in said routing table. 

83. The program storage device of claim 76, wherein said 
performing network address translation step includes the 
step of applying a networic address translation mapping 
scheme to said source network address. 

84. The program storage device of claims 76, wherein the 
method further includes the steps of: 

receiving a second packet, said second packet sent from 
said first network or said second network; 

performing network address translation on said second 
packet; and 

forwarding said second packet to the user 

85. A network gateway for network communications in a 
system having a user with a PPP connection to the gateway, 
including: 
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means for establish! Dg a first network session between the 

gateway and said first network; 
means for receiving a first real network address for the 

user, said first real network address assigned by said 

first network; 5 
means for establishing a second network session between 

the gateway and a second network while said first 

network session is established; 
means for receiving a second real network address for the 

user, said second real network address assigned by said 

second network; 
means for receiving a packet sent by the user; 
means for examining said packet to determine if its 

destination is said first network or said second network; 15 
means for forwarding said packet to the first network if 

said packet indicates that its destination is said first 

network; 

means for performing network address translation on said 
packet; and '^^ 

means for forwarding said translated packet to said sec- 
ond network if said packet indicates that its destination 
is said second network. 

86. The network gateway of claim 85, further including: ^ 
means for assigning the user a virtual network address; 

and 

means for storing said virtual network address in a 
network address translation table in an entry corre- 
sponding to said first real network address; and 30 

means for storing said virtual network address in a 
network address translation table in an entry corre- 
sponding to said second real network address. 

87. The network gateway of claim 86, wherein said means 
for assigning includes means for assigning the user a virtual 35 
network address utilizing a network address translation 
allocation scheme. 
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88. The network gateway of claim 86, wherein said 
performing network address translation means includes 
means for looking up said source network address in a 
network address translation table. 

89. The network gateway of claim 85, wherein said first 
network session and said second network session are tun- 
neling sessions. 

90. The network gateway of claim 89, wherein said first 
network session and said second network session are L2TP 
sessions, 

91. The network gateway of claim 85, wherein said 
examining means further includes: 

means for extracting a destination network address from 
the packet; 

means for looking up said destination network address in 
a routing table; 

means for determining that said destination is the first or 
second network based upon the listing for the destina- 
tion network address in the routing table; and 

means for determining that said destination is the first or 
second network based on a default setting if said 
destination network address is not listed in said routing 
table. 

92. The network gateway of claim 85, wherein said 
performing network address translation means includes 
means for applying a network address translation mapping 
scheme to said source network address. 

93. The network gateway of claim 85, further includes: 
means for receiving a second packet, said second packet 

sent from said first network or said second network; 
means for performing network address translation on said 
second packet; and means for forwarding said second 
packet to the user. 

***** 
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